Errol Weiss (14:42)

Ten years after 9 11, the then new York Police Department Commissioner Ray Kelly was doing an interview with 60 Minutes. They had posed a question to him, basically asking, you know how could you spend billions of dollars to protect New York City? And they were showcasing all of the efforts that New York City had gone through post 911 to protect the city, including building up a threat intelligence capability with New York police staff deployed globally, collecting intelligence in all parts of the world. I mean, just amazing. And just thinking about the money that they were spending to do that. When the reporter asked Ray Kelly, why did you do that? His answer was, basically, I'm not relying on the federal government to protect me. I've got to do this myself. And that really struck a chord with me back in 2011, even after, again, I've been in a part of this ISAC world for quite some time, going back to 1999 and the Financial Services ISAC, and really seeing the onus put on the private sector back in the mid-1990s, through some of the history with the federal government in terms of protecting critical infrastructure. And I think really that quote from Ray Kelly just cemented it for me then just realizing that we cannot rely on the federal government. And especially as administrations change, and of course, we've seen everything that's happened already this year, we need to take proactive measures to protect critical infrastructure. And we can look back at some of the original reporting that was done in the mid-1990s, this presidential commission on Critical Infrastructure, where they realized that much of the critical infrastructure was owned and operated by the private sector. And so that we needed to encourage the private sector to do something to protect it.

Dave Buettner (16:33)

So what is the background and history of why this is so? I mean, why do we find ourselves with this situation where the private sector is primarily responsible for this, and is it this way around the world?

Errol Weiss (16:47)

I don't necessarily think it's that way around the world, but again, I will, you know, I'll go back to the mid-1990s when, you know, the Internet was just starting to become a thing. E commerce was starting to explode. Banks were starting to be online and providing services online to their customers. And this again is the exact same timing when this Presidential Commission report on critical Infrastructure protection happened. And then we see that report coming out in 1997. And then the next year was this thing called Presidential Decision Directive 63, 1998. It encouraged the private sector to create These things called ISACs, Information Sharing Analysis Centers. And the whole idea was to encourage each critical infrastructure to create a forum where members or companies inside that sector, inside each of those critical infrastructures, could work with each other to share information, work to make sure that they were sharing, collaborating with each other when it came to new threats, new vulnerabilities, and helping each other stay safe online.

Dave Buettner (17:54)

Well, as the chief security officer for the Health isac, let me ask you, how's it going?

Errol Weiss (18:01)

So here we are like 30 years later, almost 30 years later now, and how is it going? Well, we've made a lot of strides since the beginning. I remember the early days of the financial services isac. It's sort of that classic comedic scene where you've turned the service on and you're sitting back and waiting for all the action to happen and then nothing happens. So how do you get people to start to contribute, collaborate with each other? And there's been a lot of growing pains, a lot of lessons learned, some advances in terms of defining a way for people to protect the information that's being shared with them. And so a few years after the invention of the ISACs came along this thing called Traffic Light protocol. And it became an easy way for people to understand what could they do with the information that's being shared with them? Do I have to keep it within my own company? Can I tell anybody else? Can I share it publicly? And so that Traffic Light protocol helps with all of that. And that was one of the reasons why we started to see a sudden explosion in the amount of information that was being shared. And then automation, when things like Stix and Taxi, the underlying protocols about how to automatically share threat indicators with each other that also help contribute to the automated sharing. And ultimately I would say it's still personality driven, it's still driven by people who understand who get the benefits of information sharing. The fact that the fact that they can not only help protect their company, but that they can also get something personally out of it. Learn, understand the technology better, understand the vulnerabilities better and benefit at a personal level by learning new capability, new threats, new ways to protect their company and benefit from just from a professional development standpoint.

Dave Buettner (20:08)

With your role at the Health isec, how do you and your colleagues measure success?

Errol Weiss (20:16)

Well, we're very metrics driven, right. So we're constantly looking at the number of indicators that are shared, the number of members that are sharing multi way. So it's not just that we're broadcasting out all the time that people are contributing back the growth in the organization, the benefits that members are getting from us. You know, it's tough to measure, right? It's tough to measure what you've prevented from happening, right. So it's definitely a challenge when it comes to showing positive KPIs for example, and I think a lot of the ways, one of the reasons why ISACs are growing and gaining in popularity is that people can, people can understand the non tangible benefits that they get out of it. There's this conventional wisdom that says, gee, from all the information that I've gleaned from this, the crowdsourcing of information, the better access to understand new threats, new vulnerabilities, or even understanding what the best practices are in the industry today, by learning all of that from my peers and being able to quickly gather all that and implement that in your own environment, I think people understand there's some tangible value that they're getting out of it. It's hard to put a number on it, but I think they understand there's value.

Dave Buettner (21:42)

As you look towards the future, what are some of the aspirational goals that you have for the organization and where do you see isacs going?

Errol Weiss (21:51)

Yeah, I think some of the challenges that we have is that there's still a perception that the ISACS are a US thing, or even, I'll say worse yet, an extension of the US government. I mean, we're not. Most of the ISACs are nonprofit organizations that are funded entirely by member organization fees and other revenue and not reliant on federal government. And I think especially this year, it becomes even more important to understand that because of budget cuts and staff cuts that are happening, we're not impacted by that. We're still providing services to our members, despite what we see happening in the administration here today. And I think the challenges that we see internationally is that we also see other sovereign nations wanting to set up their own ISACs. And I think it's commendable to see activity like that, to be able to replicate that model. But I think it's a disservice to the sectors individually because cyber threats, they don't respect international borders. Right. And so if we're seeing something happening here in the US for example, it's probably happening in Europe, it's probably happening in Asia Pacific as well, Australia, et cetera. They're seeing the same cyber threats that we are. And we need to be able to quickly broadcast that information and share it across the globe without having to have these manual steps to share it from one ISAC to another, for example. So I think sort of my goals would be to have better cross border international information sharing and collaboration happening on a global basis. I mean, Health ISAC, we've got members in 140 countries around the world, but it could always be better. And I think that if we're able to encourage those country ISACs that are being set up to be able to connect with the infrastructure ISACs in a much smoother, transitional, transparent way. That would be a better service for ultimately for their members that they're trying to serve.

Dave Buettner (24:14)

You know, you brought up a really interesting point, which is that, you know, we're seeing a lot of transition and I think some would say even chaos in Washington, D.C. right now. And it's challenging for a lot of folks in a lot of different positions. But as you look at the partnerships that organizations have with the federal government, it seems to me like this informs. Is it safe to say that organizations like the Health isec, they welcome participation and partnership with federal government organizations? But it seems to me like things like this reinforce the fact that you can't always rely on them. You need to have your own autonomy because you never know what's around the next corner.

Errol Weiss (25:01)

Yeah, that's exactly right and really well said. I mean, I think in so many ways, the ISACS were established as this apolitical trusted resource. So the ISACS have been set up as this apolitical trusted resource that's created, operated, funded by the private sector and not necessarily subject to the whims of one administration to the next. And it's, and it's really, it's so important to be able to maintain some of that consistency, especially in times like this that we see today where, you know, to your point, Health isac, we work very closely with Health and Human Services, HHS and cisa, for example, and who knows what's happening in this environment right now where we've even heard that, you know, they can't talk to us, they can't attend meetings that they normally would have attended in the past. And so we're kind of waiting to see what happens, see what those next steps are. So I think there's going to be a bit of a loss there when it comes to some of the collaboration and sharing that's happening between public and private sector. But safe to say things like Health ISAC and the other ISACs will continue to operate as we normally do, just with some of the less participation from our federal partners, unfortunately, at this time.

Dave Buettner (26:22)

All right, well, Errol, I think I have everything I need for our story here. Is there anything I missed? Anything I haven't asked you that you think it's important to share?

Errol Weiss (26:31)

Yeah, I think just the last thing I would just point out again. The last thing that I would point out again. And it just happens to do with sort of that international sharing that I mentioned before, and I worry that because of what's happening in the administration right now, that our foreign partners, foreign nations, are sort of losing trust in the US and based on what's been happening and some of the posturing that's been happening early in this administration, and I think ultimately it may even impact what's happening in the cybersecurity information sharing worlds, that nations outside the US may be less inclined to participate in some of these ICE acts because of the lack of trust or the lack of assurance that we're going to. The lack of assurance that we're going to continue to work together in a very cooperative fashion as we've done in the past. So I'm a bit concerned about that. But I will continue to beat the drum that we are still here operating business as usual and looking for partners where we can partner internationally to help our members globally.

Dave Buettner (27:42)

That's Errol Weiss, Chief Security Officer at the Health isap. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Deleteme. I have to say, Deleteme is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeleteMe's team does all the work for you with detailed reports. So know exactly what's been done, take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com n2k and use promo code n2k at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. And finally, the story of Davis Liu, a 55 year old software developer who took rage quitting to a whole new level after working for eaton Corporation for 12 years. Lou was demoted in 2019. Apparently, instead of updating his resume like the rest of us, he wrote a Java based malware program to grind his employer's systems to a halt. His masterpiece, an infinite loop that kept spawning threads until the system collapsed. But he didn't stop there. Lou also coded a kill switch charmingly named Is DL enabled in ad. Presumably is Davis Lou enabled in Active Directory, which locked thousands of employees out of their accounts. If he was ever fired, and he was, the feds weren't amused. After failing to delete evidence and admitting guilt in an interview, Lou still pleaded not guilty. Lost. Now he faces up to 10 years in prison, proving that revenge is best served. Not at all. And that's the Cyberwire we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes were mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ivan. Peter Kilby is our publisher and I Dave Bitner. Thanks for listening. We'll see you back here tomorrow. And now a message from our sponsor. Zscaler, the leader in cloud security enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement connecting users only to specific apps, not the entire network continuously verifying every request based on identity and context simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@Zscaler.com Security.